Data Privacy & Security


In today’s competitive environment, businesses collect, process, and store significant amounts of confidential and proprietary information about their customers, clients, vendors, and employees. The possession, handling, and security of that information take place in an increasingly complex legal environment for businesses and the individuals whose information is at stake.

First, as recent headlines consistently remind us, cyber-crime and data breaches are occurring at an increasing rate – giving rise to potential liability for businesses that have failed to take adequate steps to protect their information. As the frequency of those breaches has increased, the costs to businesses impacted by them have, likewise, grown – up nearly 10 percent in terms of cost per record from 2013 to 2014. Those costs include out-of-pocket expenses (including those to repair the breach, to notify affected individuals, and to settle claims), loss of business reputation, and the loss future business as fallout from breach events.

Second, with the rise of concerns over the privacy of information, state and federal legislators and regulators have enacted increasingly complex legislation and regulations that govern businesses’ responsibility for confidential personal information. These rules and laws cross diverse industries and create new obligations on businesses for the treatment and protection of information.

Gallagher & Kennedy’s multidisciplinary data privacy and security attorneys can assist businesses in navigating their way through these uncertain waters. We have experience advising clients regarding the various common law and legislative privacy obligations they face in various industries. And, we assist clients with both front-end protection of their information and back-end response should they experience a security event.

Our team assists clients throughout the life cycle of data collection, storage, use, disclosure, sharing, and timely destruction, including:

  • Compliance audits and reviews to proactively manage internal and external data protection
  • Creation and implementation of data privacy policies and procedures, including data security, information confidentiality, employee privacy, record retention and destruction, and data breach contingency response plans
  • Negotiation with vendors to maintain the security of confidential personal information and to reduce the risk associated with vendors’ access to it
  • Counseling on the federal and state data protection, privacy, and sharing laws and regulations that may apply to and impact the client and its industry

We also advise clients in various industries on their obligations with respect to the privacy and protection of information in the constantly-shifting landscape of state and federal legislation and regulation, including:

  • Workplace privacy issues
  • Financial information under the Gramm Leach Bliley Act (GLBA), Dodd Frank Wall Street Reform and Consumer Protection Act, Fair Credit Reporting Act (FCRA), and Fair and Accurate Credit Transactions Act (FACTA)
  • Business and workplace privacy guidelines
  • Healthcare information under Health Insurance Portability and Accountability Act (HIPAA)
  • Employee Retirement Income Security Act (ERISA)

Despite even the best precautions and diligence, data security events do still happen. A company’s post-breach response should be timely and strategic in order to minimize potential liability while, at the same time, maximizing the opportunity to recover from the breach. When a breach does occur, Gallagher & Kennedy counsels and defends clients through the response, including:

  • Assisting with immediate/emergent response and assembling the proper professionals to coordinate and to implement the response plan
  • Communicating with executive leadership and legal teams regarding the breach
  • Advising and assisting with decisions regarding when to involve law enforcement and responding to government investigations and subpoenas
  • Assisting in the notification process to both affected individuals and regulatory agencies
  • Advising on available options to mitigate any harm caused by an event
  • Defending litigation
  • Negotiating the settlement of claims

As each and every breach is unique, Gallagher & Kennedy provides a focused, efficient response that is tailored to the specific circumstances of each event. Response must be swift but also measured in accordance with the risks and obligations of the specific event.

Related Attorneys: